Computer Associates eTrust Firewall 2.0

Computer Associates’ latest firewall product, eTrust
Firewall 2.0, attempts to address two issues plaguing
many of today’s NT-based firewall products: scalability
and interface portability (using Java). Computer Associates’
approach involves separating the firewall into four
distinct segments: Firewall Engine, Admin Server, Admin
Client, and User Client. Once the firewall is segmented,
administrators (using an Admin Client) should be able
to modify any firewall security policy (on an Admin
Server) and then distribute it to any number of Firewall
Engines. The User Client is needed only if you aren’t
using native OS authentication, which is supported.

I found that the problem with eTrust Firewall manifests
itself the first time you load the Admin Client. The
Admin Client is a Java application and runs as if the
processor is drowning in molasses. But if you’re patient
enough to trudge through the interface, you’ll find
it’s actually quite intuitive and features a Windows
Explorer-like look and feel. As for features, eTrust
Firewall is a bit sparse compared to other firewall
products. It appears Computer Associates doesn’t want
this product to overextend itself or overlap with other
product offerings such as Computer Associates’ eTrust
VPN or eTrust Intrusion Detection.

The documentation included with Computer
Associates’ eTrust Firewall includes helpful screen
images, such as this one describing security policy
deployment and customization. (Click image to
view larger version.)

eTrust Firewall contains solid NAT support, extensive
reporting, and a wide array of access control features.
It’s obvious, with its distributed management system,
ability to segment, group IP ranges, and seamless support
of DMZ configurations, that the product is designed
for large enterprises. eTrust Firewall is a good fit
for shops looking for a solid, no-frills firewall designed
with enterprise management features in mind.